A good chunk of the passwords use MD5 hashing, I think it's the early ones. Those have already been cracked and posted online. The later ones, those past 3000 or so are indeed salted as far as I know. But either way, it's much safer to change passwords once mtgox is back up. Also, mtgox should go to great lengths to assure people this will never happen again.

Looking at the csv file, it seems that all accounts beyond the 3040 mark have "$1$" in the beginning of them. And many of the ones prior have it as well -- probably those who changed their password after the salting feature was added.

The benefit provided by using a salted password is rendering a simple dictionary attack against the stored values rather impractical provided the salt is large enough. That is, an attacker would not be able to create a precomputed lookup table (i.e. a rainbow table) of hashed values (password + salt), because it would take too much space.
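The two posts above describe what the "$1$" prefix means and why the salted entries resist a precomputed table. The script below is an added example, not code from anyone in this thread: it classifies rows of a CSV laid out as "account,hash" (an assumed two-column layout), resolves only the unsalted MD5 entries against a small precomputed table, and shows why the same table is useless against salted entries. The sample rows are constructed; the "$1$" rows are placeholders in the md5crypt layout ($1$salt$digest), not real md5crypt outputs, and `salted_md5` is a deliberately simplified stand-in for md5crypt used only to show the effect of the salt.

```python
import hashlib

# Constructed sample rows in the assumed "account,hash" layout. The first three
# are raw MD5 digests; the "$1$" rows are placeholder strings shaped like
# md5crypt output, not real md5crypt values.
SAMPLE_ROWS = [
    "100,5f4dcc3b5aa765d61d8327deb882cf99",        # md5("password")
    "2999,e10adc3949ba59abbe56e057f20f883e",       # md5("123456")
    "3000,0123456789abcdef0123456789abcdef",       # constructed, not in table
    "3041,$1$Ab3kd9Qz$PLACEHOLDERPLACEHOLDER0",    # placeholder md5crypt row
    "3042,$1$Qp7mTx2c$PLACEHOLDERPLACEHOLDER1",    # placeholder md5crypt row
]

# A tiny candidate list standing in for a public wordlist.
CANDIDATES = ["password", "123456", "letmein", "qwerty"]

# md5crypt salts are up to 8 characters drawn from a 64-character alphabet.
MD5CRYPT_SALT_ALPHABET = 64
MD5CRYPT_SALT_LEN = 8


def classify_hash(h: str) -> str:
    """Return 'md5crypt' for modular-crypt "$1$" strings, 'md5' for a bare
    32-hex digest, 'unknown' otherwise."""
    if h.startswith("$1$"):
        return "md5crypt"
    if len(h) == 32 and all(c in "0123456789abcdef" for c in h.lower()):
        return "md5"
    return "unknown"


def summarize(rows) -> dict:
    """Count rows by hash format, e.g. to confirm where salting was switched on."""
    counts = {"md5": 0, "md5crypt": 0, "unknown": 0}
    for row in rows:
        _, h = row.split(",", 1)
        counts[classify_hash(h)] += 1
    return counts


def build_lookup_table(candidates) -> dict:
    """Precompute digest -> password for unsalted MD5 (a rainbow table in miniature)."""
    return {hashlib.md5(c.encode()).hexdigest(): c for c in candidates}


def resolve_unsalted(rows, table: dict) -> dict:
    """Map account -> password for rows whose bare MD5 digest is in the table.
    Salted rows are skipped: the table was built without any salt."""
    found = {}
    for row in rows:
        acct, h = row.split(",", 1)
        if classify_hash(h) == "md5" and h in table:
            found[acct] = table[h]
    return found


def salted_md5(password: str, salt: str) -> str:
    """Simplified illustration only: md5(salt + password). Real md5crypt runs a
    longer iterated construction; what matters here is that the salt changes
    the digest, so one precomputed table no longer applies."""
    return hashlib.md5((salt + password).encode()).hexdigest()


def same_password_different_salts(password: str) -> bool:
    """True if two salts yield different digests for the same password."""
    return salted_md5(password, "a1b2c3d4") != salted_md5(password, "z9y8x7w6")


def salted_digest_in_table(password: str, salt: str, table: dict) -> bool:
    """Check whether an unsalted lookup table still matches a salted digest."""
    return salted_md5(password, salt) in table


def table_multiplier(alphabet_size: int = MD5CRYPT_SALT_ALPHABET,
                     salt_len: int = MD5CRYPT_SALT_LEN) -> int:
    """Number of distinct salts a precomputed table would have to cover."""
    return alphabet_size ** salt_len


if __name__ == "__main__":
    table = build_lookup_table(CANDIDATES)
    print("formats:", summarize(SAMPLE_ROWS))
    print("unsalted rows resolved:", resolve_unsalted(SAMPLE_ROWS, table))
    print("salted 'password' in table:", salted_digest_in_table("password", "a1b2c3d4", table))
    print("table must grow by a factor of", table_multiplier())
```

Running it on the constructed rows shows the split the thread describes: the bare MD5 rows that happen to be common passwords fall straight out of the lookup table, while the "$1$" rows are never consulted against it, and the last line puts a number on why building a table per salt is impractical.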

It's proof they accessed the database. The real treasure is the rest of the database, which we should assume an auditor also had access to: balances, account history, bitcoin addresses, and possibly: Dwolla account numbers and IP addresses used to access mtgox, none of which were included publicly. The thief still intends to sell this information, and probably already has.

Do you mean episode 005 or an upcoming 006? Is there a way to have the information written somewhere? (I'm a really quick reader but I miss a lot of stuff during a 48min show, especially because English is not my native language)